| Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
|
| index befa79ce37f8840af11fcd2ca706b592bd98babc..1eb3d018c073d1fdd6adb61585ce0a06d9c60858 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
|
| +++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
|
| @@ -105,6 +105,9 @@ public:
|
| // https://mikewest.github.io/cors-rfc1918/#csp
|
| static const char TreatAsPublicAddress[];
|
|
|
| + // https://w3c.github.io/webappsec-subresource-integrity/#require-sri-for
|
| + static const char RequireSRIFor[];
|
| +
|
| enum ReportingStatus {
|
| SendReport,
|
| SuppressReport
|
| @@ -205,7 +208,9 @@ public:
|
| bool allowScriptWithHash(const String& source, InlineType) const;
|
| bool allowStyleWithHash(const String& source, InlineType) const;
|
|
|
| - bool allowRequest(WebURLRequest::RequestContext, const KURL&, const String& nonce, RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport) const;
|
| + bool allowRequestWithoutIntegrity(WebURLRequest::RequestContext, const KURL&, RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport) const;
|
| +
|
| + bool allowRequest(WebURLRequest::RequestContext, const KURL&, const String& nonce, const IntegrityMetadataSet&, RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport) const;
|
|
|
| void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
|
| void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
|
| @@ -228,6 +233,7 @@ public:
|
| void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value);
|
| void reportInvalidPathCharacter(const String& directiveName, const String& value, const char);
|
| void reportInvalidPluginTypes(const String&);
|
| + void reportInvalidRequireSRIForTokens(const String&);
|
| void reportInvalidSandboxFlags(const String&);
|
| void reportInvalidSourceExpression(const String& directiveName, const String& source);
|
| void reportInvalidReflectedXSS(const String&);
|
|
|
Chromium Code Reviews
Issue 2056183002:
Implement the `require-sri-for` CSP directive (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master